Cyber-Physical Systems (CPSes) are integrated into security-critical infrastructures such as medical devices, autonomous vehicles and smart grids. Unfortunately, the pervasiveness and network accessibility of these systems and their relative lack of security measures make them attractive targets for attacks. This makes building Intrusion Detection System (IDS) for CPSes a necessity. However, detecting intrusions requires collecting information about a system’s internal workings; this can be expensive both in runtime and memory consumption. According to prior research, fine-grain monitoring of a CPS maximizes the chance of intrusion detection but incurs overhead that can exceed the resource constraints of these systems. The objective of this study is to propose a solution for adapting IDSes for deployment on resource-limited CPSes without losing detection accuracy.

We propose ARTINALI#; a Bayesian-based search and score technique that identifies the critical points at which to instrument a CPS. Given a set of security monitors that observe run-time behavior of the system, a set of specifications that verify the correct behavior of the system, and statistics gathered from fault injection, ARTINALI# discovers a small set of locations and a rich set of specifications that yield full attack coverage with low (memory and time) overhead. We deploy ARTINALI# to construct an IDS for two CPSes: a smart meter and a smart artificial pancreas. We demonstrate that our technique reduces the number of security monitors by 64% on average, leading to 52% and 69% reductions in memory and runtime overhead respectively, while still detecting over 98% of emulated attacks, on average. ARTINALI# enables the IDSes to be applicable to a wide range of CPS systems with different resource capacities. In addition, it accelerates the attack detection process which is significantly essential for safety-critical systems.

网络物理系统（CPS）已集成到安全性至关重要的基础架构中，例如医疗设备，自动驾驶汽车和智能电网。不幸的是，这些系统的普遍性和网络可访问性以及它们相对缺乏安全措施，使它们成为攻击的诱人目标。这使得构建用于CPS的入侵检测系统（IDS）成为必要。但是，检测入侵需要收集有关系统内部运行情况的信息。这在运行时和内存消耗上都可能是昂贵的。根据先前的研究，对CPS的细粒度监视可以最大程度地提高入侵检测的机率，但会产生开销，这些开销可能超过这些系统的资源限制。

我们提出ARTINALI＃；基于贝叶斯的搜索和评分技术，该技术可识别用于测量CPS的关键点。给定一组监视系统运行时行为的安全监视器，一组用于验证系统正确行为的规范以及从故障注入中收集的统计信息，ARTINALI＃发现了一小组位置和一组丰富规范从而以较低的（内存和时间）开销产生完整的攻击覆盖范围。我们部署ARTINALI＃为两个CPS构建IDS：智能仪表和智能人工胰腺。我们证明了我们的技术平均将安全监视器的数量减少了64％，从而分别将内存和运行时开销减少了52％和69％，同时仍平均检测到了98％的模拟攻击。ARTINALI＃使IDS可以适用于具有不同资源容量的各种CPS系统。此外，它还可以加快攻击检测过程的速度，这对于安全关键型系统至关重要。